Ad3sh adeshkolte

<!DOCTYPE html>
<html>
<head>
<title>PHP Web Shell</title>
</head>
<body>
<h1>PHP Web Shell</h1>
<form method="POST">
<label>Enter a command:</label><br>
<input type="text" name="cmd"><br>
#!/usr/bin/env bash
declare -r reset="$(tput sgr0)" bold="$(tput bold)" dim="$(tput dim)" blink="$(tput blink)" underline="$(tput smul)" end_underline="$(tput rmul)" reverse="$(tput rev)" hidden="$(tput invis)" black="$(tput setaf 0)" red="$(tput setaf 1)" green="$(tput setaf 2)" yellow="$(tput setaf 3)" blue="$(tput setaf 4)" magenta="$(tput setaf 5)" cyan="$(tput setaf 6)" white="$(tput setaf 7)" default="$(tput setaf 9)" bg_black="$(tput setab 0)" bg_red="$(tput setab 1)" bg_green="$(tput setab 2)" bg_yellow="$(tput setab 3)" bg_blue="$(tput setab 4)" bg_magenta="$(tput setab 5)" bg_cyan="$(tput setab 6)" bg_white="$(tput setab 7)" bg_default="$(tput setab 9)"
l[1]=" ${cyan}╭────────────────────────────────────────────────────────╮"
l[2]=" ${cyan}│ │"
l[3]=" ${cyan}│${reset} ${bold}${cyan}Mr. Adesh Kolte${reset} ${cyan}│"
l[4]=" ${cyan}│${reset} ${bold}Offensive Security Engineer @ ZokyoLabs${reset}
@adeshkolte
adeshkolte / Cyber security project report
Created November 3, 2022 17:59 — forked from harmittaa/Cyber security project report
Cyber security project report
Cyber Security Base - Course Project I
I made a web application to which users can register and login to submit comments.
Logged-in users can log out, view their own profile, delete their own comments and
delete their account as well as create new comments.
The application includes five different security flaws from the OWASP’s 2013 10 Most Critical Web Application Security Risks
list (https://www.owasp.org/index.php/Top_10_2013-Top_10). The flaws are as follows:
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
@adeshkolte
adeshkolte / Bug Bounty Resources.txt
Created November 3, 2022 13:58 — forked from ruevaughn/Bug Bounty Resources.txt
My Resources and Links over time to various Tools, Notes, Videos, Papers, Articles, Writeups, and more. Will be moving to my own private hosted Wikipedia soon. Ascii Art Font: Calvin S
╔╦╗╦ ╦ ╔╗ ┬ ┬┌─┐ ╔╗ ┌─┐┬ ┬┌┐┌┬┐┬ ┬ ╦═╗┌─┐┌─┐┌─┐┬ ┬┬─┐┌─┐┌─┐┌─┐
║║║╚╦╝ ╠╩╗│ ││ ┬ ╠╩╗│ ││ │││││ └┬┘ ╠╦╝├┤ └─┐│ ││ │├┬┘│ ├┤ └─┐
╩ ╩ ╩ ╚═╝└─┘└─┘ ╚═╝└─┘└─┘┘└┘┴ ┴ ╩╚═└─┘└─┘└─┘└─┘┴└─└─┘└─┘└─┘
//
()==========>>======================================--
\\
2FA Bypass
@adeshkolte
adeshkolte / gist:9e60b2483d2f20d1951beac0fc917c6f
Created January 28, 2020 02:31
CVE-2020-7998 arbitrary file upload web vulnerability Super File Explorer app for iOS
An arbitrary file upload web vulnerability has been discovered in the
> Super File Explorer app for iOS.
> The vulnerability is located in the developer path that is accessible
> and hidden next to the root path.
> By default, there is no password set for the FTP or Web UI service.
> The arbitrary file
> upload web vulnerability can be exploited by remote attackers without
> privileged application user account or user interaction. For security
> demonstration or to reproduce the vulnerability follow the provided
> information and steps below to continue.
@adeshkolte
adeshkolte / gist:983bcadd82cc1fd60333098eb646ef68
Last active January 28, 2020 10:18
CVE-2020-7997 ASUS WRT-AC66U 3 RT 3.0.0.4 Cross Site Scripting
Author: Adesh Nandkishor Kolte
> Vulnerable Parameter: Client Name
>
> PoC: Exploitation
"><svg onload=prompt(/xss/);>
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>